Hide variable values from request/response


Using Newman + Htmlextra, I’m getting in both of them requests/responses with sensitive data displayed, showing variable values instead of only the variable itself. Is there a way to bypass this?

Request URL displayed in Newman/htmlextra https://address.com/v2/method?api_key=qwerty123
Request URL expected to be displayed, as in Postman: {{urlAPI}}/method?api_key={{apiKey}}

Newman version 5.2.1
Htmlextra version 1.19.7

Hey @andrei_m

That section of the report is just presenting the resolved URL - There’s nothing in the reporter, that I’ve added, that would mask or hide those values.

Is it just the params that you would like to mask?

That is correct. For security reasons, Api Key should not be visible in the report, in any part of it.

Any suggestions, please?

Add something to the reporter to prevent that from showing :smiley:

Like I mentioned, the report will continue to show the fully resolved URL until some flag is added to remove that from view.

Thank you, this is my initial question. what could I add to prevent this?

I have tried skipSensitiveData, skipEnvironmentVars, other Newman flags, but without any result.

I fully understood what you’re trying to do here :smiley:

I created the htmlextra reporter - There is nothing in the reporter that will mask/hide/change the URL, or any part of it, from being displayed on the final report.

A new feature will need to be added to the reporter to mask or hide the URL which could be controlled by a new CLI flag. None of the existing flags will do anything to the URL.